2330 matches found

IBM Security Bulletins
added 2024/07/16 8:1 p.m. | 23 views

Security Bulletin: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response

Summary In IBM Sterling B2B Integrator's dashboard, many links have CSRF tokens at the end of URLs. An attacker could post something with a link to the B2Bi dashboard somewhere. If a B2Bi user who has the active http session and owns the token clicks the link then the request will be honored sinc...

CVSS 3.7 | AI score 3.4 | EPSS 0.00122
Exploits: 0 | Affected Software: 1

OSV
added 2024/07/16 6:28 a.m. | 10 views

OPENSUSE-SU-2024:0201-1 Security update for Botan

This update for Botan fixes the following issues: Update to 2.19.5: Fix multiple Denial of service attacks due to X.509 cert processing: CVE-2024-34702 - boo1227238 CVE-2024-34703 - boo1227607 CVE-2024-39312 - boo1227608 Fix a crash in OCB Fix a test failure in compression with certain versions o...

CVSS 7.5 | AI score 6 | EPSS 0.00449
Exploits: 0 | References: 7

RedhatCVE
added 2024/07/15 8:6 p.m. | 21 views

CVE-2024-40902

A buffer overflow vulnerability was found in the Linux kernel, where the xattr size is bigger than the expected size and was printed to the kernel log in hex format. Printing it out can cause access off the buffer's end, leading to loss of confidentiality, integrity, and availability. Mitigation...

CVSS 7.8 | AI score 8.3 | EPSS 0.00011
Exploits: 0 | References: 4

Citrix
added 2024/07/13 12:0 a.m. | 4 views

How to Capture a Memory Dump from a Provisioned Target in a Hyper-V Environment

This article describes how to generate a memory dump file from a provisioned target in a Hyper-V environment. This process requires no modification to the virtual machine. Requirements Download and install the Debugging Tools for Windows package from Microsoft's web site: Debugging Tools for Windo...

AI score 7
Exploits: 0

UbuntuCve
added 2024/07/12 1:15 p.m. | 20 views

CVE-2024-40902

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

CVSS 7.8 | AI score 6.8 | EPSS 0.00011
Exploits: 0 | References: 32

Vulnrichment
added 2024/07/12 12:32 p.m. | 16 views

CVE-2024-40978 scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

AI score 6.8 | EPSS 0.00007
Exploits: 0 | References: 8

Vulnrichment
added 2024/07/12 12:20 p.m. | 27 views

CVE-2024-40902 jfs: xattr: fix buffer overflow for invalid xattr

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

AI score 7.1 | EPSS 0.00011
Exploits: 0 | References: 8

Cvelist
added 2024/07/12 12:20 p.m. | 23 views

CVE-2024-40902 jfs: xattr: fix buffer overflow for invalid xattr

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

EPSS 0.00011
Exploits: 0 | References: 8

Debian CVE
added 2024/07/12 12:20 p.m. | 22 views

CVE-2024-40902

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

CVSS 7.8 | AI score 6.4 | EPSS 0.00011
Exploits: 0

CNNVD
added 2024/07/12 12:0 a.m. | 0 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a debugging information disclosure issue in the bpf component during pskb_pull_reason processing...

CVSS 7.8 | AI score 8 | EPSS 0.00027
Exploits: 0 | References: 6

Microsoft KB
added 2024/07/09 7:0 a.m. | 34 views

Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 (KB5002606)

Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 KB5002606 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, Microsoft SharePoint remote code execution vulnerability, and Microsoft SharePoint Server...

CVSS 7.5 | AI score 7.8 | EPSS 0.70321
Exploits: 1

CNNVD
added 2024/07/08 12:0 a.m. | 1 views

LevelOne WBR-6013 Security Vulnerability

The LevelOne WBR-6013 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623 version, which stems from the presence of residual debugging code in the boa formSysCmd function, where a specially crafted network request could result in...

CVSS 7.2 | AI score 7.3 | EPSS 0.00312
Exploits: 0 | References: 2

Rockylinux
added 2024/07/02 2:11 p.m. | 6 views

sos bug fix and enhancement update

An update is available for sos. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather information from system...

AI score 6.9
Exploits: 0

Amazon
added 2024/07/01 12:0 a.m. | 2 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial CVE-2024-26900 In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in control parser CVE-2024-35947 In the Linux kernel, the following...

CVSS 9.1 | AI score 6.9 | EPSS 0.00343
Exploits: 0

OSV
added 2024/06/26 7:20 p.m. | 17 views

BIT-HUBBLE-RELAY-2024-37307 Cilium leaks sensitive information in cilium-bugtool

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

CVSS 7.9 | AI score 6.7 | EPSS 0.00049
Exploits: 0 | References: 8

UbuntuCve
added 2024/06/19 3:15 p.m. | 15 views

CVE-2021-47598

In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy method from init, because core stack already does that. syzbot was able to trigger use after free: DEBUG_LOCKS_WARN_ON(lock->magic != loc...

CVSS 7.8 | AI score 6.4 | EPSS 0.00022
Exploits: 0 | References: 7

UbuntuCve
added 2024/06/19 2:15 p.m. | 17 views

CVE-2024-38605

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b "ALSA: core: Warn on empty module" introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the code...

CVSS 8.8 | AI score 6.6 | EPSS 0.00178
Exploits: 0 | References: 20

UbuntuCve
added 2024/06/19 2:15 p.m. | 17 views

CVE-2024-38576

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers...

CVSS 7.1 | AI score 6.5 | EPSS 0.00119
Exploits: 0 | References: 12

Vulnrichment
added 2024/06/19 1:56 p.m. | 17 views

CVE-2024-38614 openrisc: traps: Don't send signals to kernel mode threads

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions for debugging among others. There is a bug where the trap...

AI score 6.6 | EPSS 0.00033
Exploits: 0 | References: 4

Vulnrichment
added 2024/06/19 1:37 p.m. | 19 views

CVE-2024-38576 rcu: Fix buffer overflow in print_cpu_stall_info()

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers...

AI score 7.3 | EPSS 0.00119
Exploits: 0 | References: 5